Security News > 2022 > July

On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN. In a phone call, Kevin2600 explained that the attack relies on a weakness that allows someone using a software-defined radio, such as HackRF, to capture the code that the car owner uses to open the car, and then replay it so that the hacker can open the car as well.

We're now seeing a shift back to traditional risk measurement, with underwriters approaching cyber insurance in a manner similar to physical insurance - by assessing where the biggest risks are and determining whether they should exclude certain risks from coverage, as well as establishing a bar to define what constitutes reasonable care. By the end of 2020, more than half of cyber insurance policy holders saw the price of their coverage rise by as much as 30 percent, according to GAO. While the current conflict in Ukraine will likely lead to a rise in cyber insurance purchases, the harsh reality is that most coverage will not protect enterprises from nation-state attacks or even ransomware.

Microsoft has warned users clinging to Windows 7 and Windows 8.1 that the end really is nigh. Windows 7 went out of support in 2020, but Microsoft recognized that many enterprises were quite happy where they were.

Cybersecurity, data protection and inadequate IT budgets are top of mind for IT professionals. The main three challenges are cybersecurity and data protection, insufficient IT budgets and resources to meet demands, and legacy systems that hamper growth and innovation, according to the annual report.

A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the companies, among other security firms, being impersonated, they said in a recent blog post.

Can attackers create a face mask that would defeat modern facial recognition systems? A group of researchers from Ben-Gurion University of the Negev and Tel Aviv University have proven that it can be done. "We validated our adversarial mask's effectiveness in real-world experiments by printing the adversarial pattern on a fabric face mask. In these experiments, the FR system was only able to identify 3.34% of the participants wearing the mask," they noted.

Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritization and adoption of DEX in organizations and how it shapes the daily working experiences for employees. This Help Net Security video covers the highlights of these findings.

The UK Information Commissioner's Office on Monday issued a reprimand and called for a review of how and whether messaging services should be used for government business practices, after finding widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by officials at the Department of Health and Social Care. The actions ordered by ICO came after a year-long investigation as to whether the DHSC was compliant with the UK General Data Protection Regulations, the UK Data Protection Act 2018 and the Freedom of Information Act 2000 during the COVID-19 pandemic.

Microsoft's promised service to enable automatic patching of Windows has gone live. The software giant on Monday announced Windows Autopatch is up and running.

Those forces are tracking technologies and data privacy regulations. Three pharmacies in Sweden recently reported themselves to the Privacy Protection Authority for deploying the ubiquitous Facebook "Tracking pixel" on their site and sharing consumers' personal data the pixel collected with the world's largest social network.